Host GS: Services System View

Document created by RSA Information Design and Development on Nov 7, 2017. Last modified by RSA Information Design and Development on Nov 7, 2017.
Version 2
 

This topic introduces features and functions of the Services System view.

The Services System view provides a services summary for NetWitness Suite Core services and some other services, for example Reporting Engine.

The summary information for NetWitness Suite Core services (Broker, Concentrator, Decoder, and Log Decoder) is similar, including information about: 

  • Service
  • Appliance Service
  • Service user information
  • Host user information
  • License information
  • Session information

The toolbar for NetWitness Suite Core services is also similar. The options provide a way to run command-line host tasks, control services and hosts, and perform other service-specific tasks such as uploading packet capture or log files to a service.

Workflow

This workflow shows the tasks you perform from the System view.

                               
Role | I want to ...
Administrator | Log Collector Only - Start or stop log collection protocol.
Administrator | Archiver, Broker, and Concentrator Only - Configure Group Aggregation.


Quick Look

The following example shows you how to use the System view for a Decoder. The System view provides the same information for every service; only the toolbar at the top differs.

Workbench Toolbar

Log Collector Toolbar

Decoder Toolbar

IPDB Extractor Toolbar

Log Decoder Toolbar

Archiver, Broker, and Concentrator Toolbar

Services Without a Toolbar

Event Stream Analysis

Malware Analysis

Reporting Engine

Select a Service.

Go to ADMIN > Services view.

Select a service and select the Actions icon > View > System.

Perform System View Tasks

                                                     
 1  View basic information for a service.
 2  Start, stop or restart a service.
 3  Reboot a service.
 4  Shut down the Appliance service running on this host.
 5  Execute a task from the Host Task List.
 6  View users connected to a service.
 7  Kill a user connection to a service.
 8  Decoder and Log Decoder Only - Start or stop capture.
 9  Log Collector Only - Start or stop log collection protocol.
10  Archiver, Broker, and Concentrator Only - Configure Group Aggregation.
11  Decoder Only - Upload a packet capture file.
12  Log Decoder Only - Upload log file.

Features

This section describes common features for NetWitness Suite Core service types.

  • Features specific to Brokers and Concentrators are described in the Services System View - Broker topic in the Broker and Concentrator Configuration Guide.
  • Features specific to Decoders and Log Decoders are described in .


This table describes the Services System View toolbar options common to all Core services.

                           
Action | Description
Host Tasks | Displays the Host Task List dialog, which provides a way to run command-line host tasks from a selection list. See  for detailed information.
Shutdown Service | Shuts down and restarts the service for a Decoder, Log Decoder, Broker, or Concentrator.
Shutdown Appliance Service | Stops all services running on the host, then shuts down and restarts the appliance service for a Decoder, Log Decoder, Broker, or Concentrator.
Reboot | Shuts down and restarts the host on which the Core services are running.

The toolbar in the System view for the Decoder and Log Decoder services also contains the following commands.

                       
Action | Description
Upload Packet Capture File | Displays a dialog that provides a way to select a packet capture (.pcap) file for upload to the selected Decoder. For more information, see the Upload Packet Capture File topic in the Decoder and Log Decoder Configuration Guide. Note: This option does not apply to Log Decoders.
Upload Log File | Displays a dialog that provides a way to select a log (.log) file for upload to the selected Log Decoder. For more information, see the Upload Log File to a Log Decoder topic in the Decoder and Log Decoder Configuration Guide.
Start/Stop Capture | Starts packet capture on the selected Decoder. When packet capture is in progress, the option in the toolbar changes to Stop Capture, and the option to upload a file is unavailable.

The toolbar in the System view for the Archiver, Broker, and Concentrator services has commands that start or stop group aggregation after you configure it.

                   
Action | Description
Start Aggregation | Stops group aggregation.
Stop Aggregation | Starts group aggregation.

Services Summary Information

The top section of the Services System view summarizes information about the selected service. This applies to all Core service types: Decoders, Brokers, Concentrators, and Log Decoders.

                       
Category | Description
Service and Appliance Service Information | Includes the service name, service version, memory usage in megabytes, memory usage as a percentage of total memory, the time and date the service started running, the duration of time the service has been running, and the current time.
Service and Host User Information | Displays users who have access to this service and the user role to which they belong.
License Information | Displays the computer ID for the service and the licenses installed for that ID.
  • In NetWitness Suite 10.1 and later, the license information is the license key provided for the service by the NetWitness Suite local license server.
  • In NetWitness Suite 10.0, each license has an expiration date and some have other parameters such as maximum storage on system.

Session Information Grid

The bottom section of the Services System view provides a list of active sessions. In this view, you can:

  • End a session
  • End an active query

This table describes the Session Information grid columns.

                               
Category | Description
Session | The ID for the session. Clicking the session ID displays a dialog with the option to kill the session. You can approve the action or cancel the action.
User | The name of the session owner.
IP Address | The IP address of the service where the session is running.
Login Time | The time the user logged in.
Active Queries | The count of active queries. Clicking a non-zero count displays a dialog in which you can stop execution of a query.